Security

Security is part of the product.

Proofence exists to make AI trustworthy, and that starts with how we build and operate our own systems. This page describes our security practices and commitments.

The practices below describe how we approach security today and the commitments we hold ourselves to. They describe our program and intent; they are not a warranty. We will update this page as our program matures.

A note on certifications. We describe our practices rather than claim compliance status. We will reference specific certifications, attestations, or audits (for example SOC 2, ISO 27001, or HIPAA) only once they have been achieved and confirmed.

Our posture

How we protect systems and data.

Secure development

Security is considered throughout the development lifecycle. We use code review, dependency management, and testing practices intended to catch issues before they reach production, and we work to remediate identified vulnerabilities in a timely manner.

Data protection and minimization

We aim to collect and retain only the data needed to provide our services, and to protect it in transit and at rest using industry-standard encryption. Where verification can be performed without retaining sensitive content, we prefer to minimize what is stored.

Access control and least privilege

Access to systems and data is restricted to those who need it, and granted at the minimum level required. We use authentication controls and separation of duties, and we review access as roles and needs change.

Secure infrastructure

Our services are built on infrastructure operated with hardening, network controls, logging, and monitoring in mind. We design for isolation between environments and work to keep systems patched and observable.

Monitoring and response

We maintain logging and monitoring to help detect anomalous activity, and we maintain processes for investigating and responding to potential security events.

Vendor and dependency management

We evaluate the third-party services and dependencies we rely on, and we track the components in our supply chain so we can respond when new risks are disclosed.

Responsible disclosure

Report a vulnerability.

We welcome reports from security researchers and users. If you believe you have found a security vulnerability in a Proofence product or service, please contact us with the details and steps to reproduce so we can investigate. We ask that you give us a reasonable opportunity to address an issue before disclosing it publicly, and that you avoid accessing or modifying data that is not your own.

Security contact:
security@proofence.example

We will acknowledge legitimate reports and keep reporters informed as we work toward a resolution.

Bring verifiable trust to every AI decision.

Start in AtlasProof by Proofence, or talk to us about enterprise governance with AirTrustOS by Proofence.